Hi, I have tried it and it worked fine but the problem is override the default wildcard certificate and configure a different certificate, because it's not possible to configure the intermediate CA chain into the admin panel. I tried to configure the CA cert with the root CA and the subordinate CA files and the router is ok but if I navigate the new route I received a security error.
Marcello On Thu, Oct 12, 2017 at 1:14 PM, Aleksandar Lazic <[email protected]> wrote: > Hi Marcello Lorenzi. > > have you used -servername in s_client? > > The ssl solution is based on sni ( https://en.wikipedia.org/wiki/ > Server_Name_Indication ) > > Regards > Aleks > > on Donnerstag, 12. Oktober 2017 at 13:02 was written: > > > Hi All, > thanks for the response and we checked the configuration. If I tried to > check the certificated propagate with the passthrough configuration with > openssl s_client and the certificate provided is the wilcard domain > certificate and not the pod itself. Is it normal? > > Thanks, > Marcello > > On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic <[email protected]> > wrote: > > Hi. > > Additionally to joel suggestion can you also use reencrypted route if you > want to talk encrypted with apache webserver. > > https://docs.openshift.org/3.6/architecture/networking/ > routes.html#re-encryption-termination > > Regards > Aleks > > on Mittwoch, 11. Oktober 2017 at 15:51 was written: > > > Sorry I meant it say, it *cannot modify the http request in any way. > On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson < > [email protected]> wrote: > > Hi Marcelo, > > If you use Passthrough termination then that means that OpenShift cannot > add the X-Forwarded-For header, because as the name suggests it is just > passing the packets through and because it’s encrypted it can modify the > http request in anyway. > > If you want X-Forwarded-For you will need to switch to Edge termination. > > Thanks, > > Joel > On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi <[email protected]> > wrote: > > Hi All, > we tried to configure a route on Origin 3.6 with a Passthrough > termination to an Apache webserver present into a single POD but we can't > notice the X-Forwarded-Header to Apache logs. We tried to capture it > without success. > > Could you confirm if there are some method to extract it from the POD side? > > Thanks, > Marcello > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users -- > Kind Regards, > > Joel Pearson > Agile Digital | Senior Software Consultant > > Love Your Software™ | ABN 98 106 361 273 > p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au -- > > Kind Regards, > > Joel Pearson > Agile Digital | Senior Software Consultant > > Love Your Software™ | ABN 98 106 361 273 > p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
